diff --git a/app/common/controller/Backend.php b/app/common/controller/Backend.php
index 6fad10d..e0f8249 100644
--- a/app/common/controller/Backend.php
+++ b/app/common/controller/Backend.php
@@ -153,8 +153,15 @@ class Backend extends Api
             }
             if ($needPermission) {
                 $controllerPath = $this->getControllerPath($request);
-                $routePath = $controllerPath . '/' . $action;
-                if (!$this->auth->check($routePath)) {
+                $routePaths = $this->buildPermissionRoutePaths($controllerPath, $action);
+                $pass = false;
+                foreach ($routePaths as $routePath) {
+                    if ($this->auth->check($routePath)) {
+                        $pass = true;
+                        break;
+                    }
+                }
+                if (!$pass) {
                     return $this->error(__('You have no permission'), [], 401);
                 }
             }
@@ -467,4 +474,26 @@ class Backend extends Api
     {
         return get_controller_path($request);
     }
+
+    /**
+     * 构造权限节点候选：兼容 snake_case 与 camelCase 节点名
+     *
+     * @return string[]
+     */
+    protected function buildPermissionRoutePaths(string $controllerPath, string $action): array
+    {
+        $paths = [];
+        $paths[] = $controllerPath . '/' . $action;
+
+        $parts = explode('/', $controllerPath);
+        foreach ($parts as &$part) {
+            if (str_contains($part, '_')) {
+                $part = lcfirst(str_replace(' ', '', ucwords(str_replace('_', ' ', $part))));
+            }
+        }
+        $camelControllerPath = implode('/', $parts);
+        $paths[] = $camelControllerPath . '/' . $action;
+
+        return array_values(array_unique($paths));
+    }
 }